apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: kubevpn-server
rules:
- apiGroups: [ "" ]
resources: [ "configmaps" ]
resourceNames: [ "kubevpn-traffic-manager" ]
verbs: [ "list", "watch", "delete" ]
- apiGroups: [ "" ]
resources: [ "secrets" ]
resourceNames: [ "kubevpn-traffic-manager" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "admissionregistration.k8s.io" ]
resources: [ "mutatingwebhookconfigurations" ]
verbs: [ "create", "get", "list", "watch" ]
- apiGroups: [ "", "rbac.authorization.k8s.io" ]
resources: [ "serviceaccounts", "rolebindings", "roles", "secrets" ]
verbs: [ "create" ]
- apiGroups: [ "" ]
resources: [ "namespaces" ]
verbs: [ "get", "update" ]
- apiGroups: [ "", "apps" ]
resources: [ "statefulsets", "deployments" ]
verbs: [ "get", "patch", "list" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "create", "get", "list", "patch", "watch" ]
- apiGroups: [ "" ]
resources: [ "configmaps" ]
verbs: [ "update", "create", "get", "patch" ]
- apiGroups: [ "" ]
resources: [ "services" ]
verbs: [ "get", "list", "create", "patch", "watch" ]
- apiGroups: [ "" ]
resources: [ "pods/exec", "pods/portforward" ]
verbs: [ "create" ]
- apiGroups: [ "", "metrics.k8s.io" ]
resources: [ "pods", "pods/log", "endpoints" ]
verbs: [ "list", "get" ]